Create Nmcap.yml

yml/OtherMSBinaries/Nmcap.yml

@@ -0,0 +1,26 @@
+---
+Name: Nmcap.exe
+Description: Command-line packet capture utility from Microsoft Network Monitor 3.x.
+Author: Avihay Eldad
+Created: 2025-09-16
+Commands:
+  - Command: nmcap.exe /network * /capture /file {PATH_ABSOLUTE:.cap}
+    Description: |
+      Start capture on all network adapters and save to specified .cap (circular) file.
+      Optionally, one can add:
+      - `/TerminateWhen /TimeAfter 30 seconds` to auto-terminate after a relative times (e.g. 30 seconds);
+      - `/TerminateWhen /Time 04:52:00 AM 9/17/2025` to auto-terminate after a specific date/time;
+      - `/TerminateWhen /KeyPress x` to terminate when a specific key is pressed.
+    Usecase: Capture network traffic on windows to collect sensitive data.
+    Category: Reconnaissance
+    Privileges: Administrator
+    MitreID: T1040
+    OperatingSystem: Windows
+Full_Path:
+  - Path: C:\Program Files\Microsoft Network Monitor 3\nmcap.exe
+  - Path: C:\Program Files (x86)\Microsoft Network Monitor 3\nmcap.exe
+Resources:
+  - Link: https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/network-monitor-3
+Acknowledgement:
+  - Person: Avihay Eldad
+    Handle: '@AvihayEldad'